As large, embarrassing data breaches continue to expose big box and e-commerce retailers around the world, retail CEOs and line-of-business executives can no longer afford to ignore security. Because hits to reputation, PCI compliance fines, bank fees, incident response and lawsuits add up fast when organisations fail to comply with PCI and secure their IT assets.
Here are 5 things to help technology leaders put security matters in business context so that CEOs can help drive the kind of change that will better secure their organisation and, in the process, keep them in compliance with PCI Data Security Standards:
1. Complexity is adding risk and expense to your IT operations
Many retail organisations have incrementally addressed PCI compliance requirements through piecemeal purchasing of security products that might address one or two controls at a time. This has led to extremely fragmented IT security infrastructure that is difficult and expensive to manage.
2. Your security team probably can’t keep up with threats
Today’s threat landscape is advancing faster than the average retailer can keep up. So much so, the incredible volume of attempts at network compromise is constantly keeping teams in the weeds. As a result, they’re unable to find attacks fast enough to thwart attempts at theft and fraud. Industry data shows that the typical organisation now takes an average of 205 days to find active compromises of their IT assets.
3. Your store connectivity may be compromising sensitive customer data
At store level, many retail organisations must provide connectivity that satisfies a number of unique business demands. Of course, employees may need access to cloud hosted applications to operate internal inventory management systems or look something up for customers. While stores may want to provide free WiFi access to customers as a courtesy or competitive differentiator. All of these types of access carry different kinds of risks and as a result, require different kinds of protection.
4. Security doesn’t have to ruin website performance
Website performance is absolutely critical to maintaining customer engagement and ensuring online customers don’t abandon orders. CEOs shouldn’t have to worry that security measures will hurt performance if the right controls are implemented properly.
5. Security controls shouldn’t impede new revenue opportunities
In today’s mobile-enabled world, retailers are increasingly finding that their ability to keep pace with customer demands requires constant feature updates to their website and the addition of new mobile apps to deliver products and services.
CEOs may want to frame their discussions with security leaders based on the five areas of concern we’ve listed here. CIOs and CISOs should not only be developing strategies to address existing business security challenges, but also have the foresight to plan their infrastructure for the future.
5 Things Retail CEOs should know about Security and Optimising Business Results, taken from TechTarget and Juniper Networks research. Find out more by downloading the Whitepaper.